Instagram is testing end-to-end encryption for its direct messaging service. Is this proposal good for privacy or bad for online safety?

Jack Redmond

As social media companies continue to expand, governments are looking to challenge encryption features with tighter online regulations.   

Meta the parent company to Facebook, WhatsApp, and Instagram continues to operate with enormous market and social influence over the debate between data privacy and online safety.       

Instagram and its direct-messaging (DM) feature on the platform is making a daring proposal to introduce end-to-end encryption. Meta explains that end-to-end encryption, “provides strong privacy and security guarantees to people who use these services: it ensures that only the sender and the intended recipient or recipients of a communication, and no one in between, can access, infer, or tamper with its content.”

Instagram and Facebook’s encryption endeavours have been postponed until 2023. But this proposal has provoked an inducing debate around the concerning similarities and differences of private entities and government access to virtual communications.

The corporate decision to improve levels of privacy when messaging on Instagram and Facebook, has governments and institutions concerned for online safety.

A memo outlining concerns with encrypted features addressed to the Council of the European Union in November 2020 states, “for competent authorities, access to electronic evidence can be essential, not only to conduct successful investigations and thereby bring criminals to justice, but also to protect victims and help ensure security.”

Preventing criminal activities conducted online and co-operation with law enforcement are important practises to protect children from dangerous material online.

However, such proposals as outlined to the European Parliament undermine the concept of end-to-end encryption and present fundamental concerns to private communications by conceivably subjecting online users to client side scanning (CSS), that in theory would have to be applied universally in search of, and to, prevent illegal or suspicious content on messaging software.  

Additionally, there are potential security risks to private data by nefarious hackers, if such encryption ethics online are diluted.

Apple addressed such security risks in 2016 stating, “the “key” to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.”

The E.U. memo (2020) does acknowledge the function for encryption online and the importance of privacy, as noted “[online encryption] is a means to protect individuals, civil society, critical infrastructures, media and journalists, industry and governments by ensuring the privacy, confidentiality, data integrity and availability of communications and personal data.”

But this conflicting memo and an excessive regulative governing outlook, makes managing user data privacy a lot more complicated. Speculated steps towards implementing client side scanning on messaging platforms would automatically diminish encrypted protections for online users.

This E.U. memo seeks to rightly advocate for online safety, but has bureaucratically underestimated and/or doesn’t understand the innovations, privacy and security of encrypted messaging and the unranked culture of social media and online platforms globally.

Unfortunately, we as online users are now presented with a paradox:

Meta, a social media conglomerate has defined their intention and parameters of further privacy afforded to their users regarding encryption going forward. While it still remains unclear how democratic governments plan to balance preventing illegal content online by possibly bypassing encryptions through backdoor injunctions, while simultaneously propounding to protect the principles of end-to-end encryption.

Jack Redmond